The Food and Drug Administration has issued draft guidance for managing cybersecurity vulnerabilities for marketed medical devices, encouraging manufacturers to address cybersecurity throughout a product’s lifecycle.
The FDA is accepting comments for the nonbinding draft guidance, which urges medical manufacturers to address cybersecurity in a product’s design, development, production, distribution, deployment, and maintenance.
“Networked medical devices, like other networked computer systems, incorporate software that may be vulnerable to cybersecurity threats,” according to the FDA draft guidance. “The exploitation of vulnerabilities may represent a risk to the safety and effectiveness of medical devices and typically requires continual maintenance throughout the product life cycle to assure an adequate degree of protection against such exploits. Proactively addressing cybersecurity risks in medical devices reduces the patient safety impact and the overall risk to public health.”
The FDA aims to encourage collaboration among the medical device sand health information technology community to develop a shared understanding of cybersecurity risks and vulnerabilities to medical devices and to take “timely, appropriate action to mitigate the risks.”
The agency said it also recognizes that medical device cybersecurity is a shared responsibility between health care facilities, patients, providers and medical device manufacturers. It is accepting comments within 90 days of its issuance January 22.
Get updates on the latest news impacting senior living through our Argentum Daily newsletter.